RimFire007

Server 2008 std and basic principles for Remote Access

Hi

My first 2008 Server.

Scenario. 2008 std Server (DC and Fileserver). 30 workstations (XPs) and approx. 5 remote workers who take their laptops home from time to time and need access to server shares. No Exchange.

Is there any easy way to allow workstations to access the server's shares? I'm happy to set up port forwarding rules on the firewall (two public IPs).

Any guidance is appreciated.

Have a Great New Year!

Thanks,

Juha

Ravi Agrawal

How about setting up a VPN on the server and those laptop users connect through it.

Ravi.
RimFire007

ASKER

Hi

I have only one server there. I googled a little and wasn't sure how to go on. I wonder if there are easy wizards to establish the VPN? PPTP is too insecure. LSTP seemed to be quite tricky, especially in the real world. Do you suggest that - any links?

Rgs,

Juha
I have a 2008 box at home that is a DC and also RRAS. Works beautifully over the internet. I VPN from XP/Windows 7/Mac OS X without any issues and can access any shares. Works great.
Note that VPN is indeed a good solution BUT the remote nodes do become part of your network and depending on your rules (ports/IPs the remote nodes can access) this may become a huge issue as an infected machine may end up infecting the entire company if such restrictions are not in place. Keep that in mind when deploying a VPN solution.

Cláudio Rodrigues
Citrix CTP
ASKER CERTIFIED SOLUTION
Ravi Agrawal

This solution is only available to members.

Thanks guys

SBS servers usually have pretty easy "step by step" wizards to take care of these (but actually not quite what I need). This is my second 2008 std server (a migration from 2000). Done several 2003s up to 100 WSs. Several FW networks - also off shore. Fewer than 2 colleagues, so I need to solve problems by myself.

How do you improve this WS remote access, with which I'm not 100% pleased? Already tested:

1. I've already built an L2TP VPN tunnel terminated to an HW FW.
2. I configured an XP/Vista WS to connect to FW via L2TP tunnel.
3. Now I can ping the FW internal IP and also the LAN IPs.
4. Tested this with non domain joined WS.
5. I configured an XP/Vista WS to connect to DC via PPTP tunnel.
6. Now I can open the shares without problems.
7. Tested this with non domain joined WSs.
8. Can automate all this in a reasonable manner
8. Can manually run login scripts
9. Can sell this to my customer and say here you are
9. Can feel happy in the most atypical way
10. I tested this with 2000 server and worked like a charm. Wonder if there is something better? At least 11. I hope if running login scripts there won't be a problem related persistent issues.

I'm really here to try to improve my methods and to ask for help. My method works but integration towards Windows is close to nothing. I was once involved with a project to raise up a Win RADIUS server integrated with FW. Didn't go too well. I do implement SBS servers from time to time with self-signed certificates and also with public ones.

But this scenario. I believe that I'm missing something here. I do FWs pretty good. I do 2003 servers pretty good.

1. If I do the L2TP towards FW, how can I easily provide shares to domain joined WS?
2. If #1 is history, how to carry on? Don't want to do:

http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

at this point. I'm just about to migrate. Really, do I have to do all that?

grtraders: VPN is OK but also problematic. VPN software, Win native support. "There where is a VPN there is a problem" said one wise man (was it me). However, my customers don't use FTP due to lack of security. Just build two DMZ-sites and HTTP-Commander in there. How do you like it?

Thanks,

Juha
I agree with the security issues of FTP but I did mention using it with SSH authentication. I came across a tutorial earlier and tested out implementation of VNC with PuTTY in a virtual environment.

I will be posting the links in a short while as soon as I get to my PC.

I believe FTP can be implemented in a totally secure environment; it's just only a little setup that is needed.

Ravi.
SOLUTION
This solution is only available to members.

Hi

I was messed up with other projects but will do this probably after one week. Actually I managed to create a LSTP VPN tunnel terminated to Firewall and based on test user feedback it might cover all. No secondary PPTP is required.

The customer can now open shares on the original old server. So pretty much this is taken care of. Currently no credentials are asked for opening the share (while VPN connected); the cached credentials seem to work here. This might be solved, but it is possible that I need to implement perhaps WINS in the new server. Currently while L2TP connected the Internet browser doesn't work. This is potentially FW related. Perhaps try to provide DNS from FW for VPN connected users.

Special thanks to Ravi for interesting links.

Rgs, Juha
Sorry for the delay. I slipped your point but both answers were helpful to me.

Thank you again.